  1. #1
    Member

    Check HiJackThis log please

    Hi, Kaspersky has recently found a few trojans in a scan.
    I've run HijackThis, deleted what it suggested, but it still says suspicious entries have been found in your log.

    Please check this log for anything bad, thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:17:24, on 11/12/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\RivaTuner v2.06\RivaTuner.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Razer\Lachesis\OSD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Razer\Lachesis\razertra.exe
    C:\Program Files\Razer\Lachesis\razerofa.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 9327 bytes

  2. #2
    Member steamwiz

    Hi

    Your log's clean

    What was the name(s) & location(s) of the Trojan files found by Kaspersky?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    Member

    Many thanks for checking.
    It was...

    Trojan.Win32.VB.bmj File: C:\Program Files\Internet Explorer\6128.EXE
    C:\Windows\Temp\6128.exe
    and 4152.exe
    IP.exe

  4. #4
    Member steamwiz

    OK ... please run these :-

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan and quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        o Close browsers before scanning.
        o Scan for tracking cookies.
        o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
        o Click Preferences, then click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt

    steam

  5. #5
    Member

    Thanks for your help.

    I had already done a scan with SuperAntiSpyware, all it found was adware, but I did another with the setting you suggested...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/12/2007 at 12:10 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3359
    Trace Rules Database Version: 1358

    Scan type : Complete Scan
    Total Scan Time : 01:08:45

    Memory items scanned : 653
    Memory threats detected : 0
    Registry items scanned : 7428
    Registry threats detected : 0
    File items scanned : 104578
    File threats detected : 27

    Adware.Tracking Cookie
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@ad.uk.tangozebra[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@toplist[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@tribalfusion[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@tacoda[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@4.adbrite[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adcycle.sportbox[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@fastclick[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@ad2.adecn[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@atdmt[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@ads.adbrite[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@revsci[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adopt.euroclick[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@realmedia[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@bs.serving-sys[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@doubleclick[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@advertising[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@imrworldwide[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@media.adrevolver[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@atwola[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@mediaplex[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@serving-sys[2].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adbrite[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adserver.easyad[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adecn[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@ad.yieldmanager[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@adrevolver[1].txt
    C:\Users\JRW\AppData\Roaming\Microsoft\Windows\Cookies\jrw@e-2dj6wfmigpcjgcp.stats.esomniture[2].txt

    Here's the ComboFix log...

    ComboFix 07-12-12.3 - JRW 2007-12-12 13:50:33.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1818 [GMT 0:00]
    Running from: C:\Users\JRW\Documents\Downloads\Programs\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
    .

    2007-12-12 10:19 . 2007-12-12 10:19 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
    2007-12-12 10:17 . 2007-12-12 10:17 d-------- C:\Users\JRW\AppData\Roaming\Application Data
    2007-12-12 10:17 . 2007-12-12 10:18 d-------- C:\ProgramData\Spyware Terminator
    2007-12-12 10:17 . 2007-12-12 10:18 d-------- C:\Program Files\Spyware Terminator
    2007-12-12 09:50 . 2007-12-12 09:50 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2007-12-12 09:50 . 2007-12-12 09:50 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2007-12-12 09:50 . 2007-12-12 09:50 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2007-12-12 09:50 . 2007-12-12 09:50 2,048 --a------ C:\Windows\System32\asferror.dll
    2007-12-12 09:45 . 2007-12-12 09:45 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2007-12-12 09:45 . 2007-12-12 09:45 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2007-12-12 09:45 . 2007-12-12 09:45 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2007-12-12 09:45 . 2007-12-12 09:45 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2007-12-12 09:39 . 2007-12-12 09:39 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-12-12 09:39 . 2007-12-12 09:39 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-12-12 09:38 . 2007-12-12 09:38 2,048 --a------ C:\Windows\System32\tzres.dll
    2007-12-12 01:39 . 2007-12-12 02:26 d-------- C:\Users\JRW\AppData\Roaming\IDM
    2007-12-11 17:53 . 2007-12-11 17:53 d-------- C:\Program Files\Trend Micro
    2007-12-11 17:50 . 2007-12-11 17:50 0 --a------ C:\Windows\System32\SBRC.dat
    2007-12-11 17:50 . 2007-12-11 17:50 0 --a------ C:\Windows\System32\SBFC.dat
    2007-12-11 15:17 . 2007-12-11 16:46 d-------- C:\ProgramData\Artificial Dynamics
    2007-12-11 13:43 . 2007-12-12 01:55 d-------- C:\Program Files\Internet Download Manager
    2007-12-10 18:35 . 2007-12-10 18:35 1,748,992 --a------ C:\Windows\System32\gdiplus.dll
    2007-12-10 16:18 . 2007-07-23 08:39 202,160 --a------ C:\Windows\System32\idmmbc.dll
    2007-12-09 18:53 . 2007-12-09 18:53 dr-h----- C:\Users\JRW\AppData\Roaming\SecuROM
    2007-12-09 18:34 . 2007-08-08 09:51 249,856 --a------ C:\Windows\System32\Lachesis.cpl
    2007-12-09 18:33 . 2007-12-09 18:33 d-------- C:\Program Files\Razer
    2007-12-09 12:07 . 2007-12-12 13:48 d-------- C:\Users\JRW\AppData\Roaming\DMCache
    2007-12-09 11:47 . 2007-12-09 11:47 d-------- C:\Users\JRW\AppData\Roaming\Xi
    2007-12-08 22:12 . 2007-12-11 17:46 54,156 --ah----- C:\Windows\QTFont.qfn
    2007-12-08 22:12 . 2007-12-08 22:12 1,409 --a------ C:\Windows\QTFont.for
    2007-12-08 16:44 . 2007-12-08 16:44 d-------- C:\Users\JRW\AppData\Roaming\InstallShield
    2007-12-07 17:30 . 2007-12-07 17:30 d-------- C:\Program Files\ImgBurn
    2007-12-07 16:44 . 2007-12-07 16:44 d-------- C:\Program Files\MediaInfo
    2007-12-07 09:53 . 2007-12-07 09:53 d-------- C:\Program Files\Siber Systems
    2007-12-06 23:01 . 2007-12-06 23:01 d-------- C:\Users\JRW\AppData\Roaming\Lamantine
    2007-12-06 12:51 . 2007-12-06 12:51 d-------- C:\ProgramData\RoboForm
    2007-12-06 10:58 . 2007-12-07 09:23 d-------- C:\Program Files\Opera
    2007-12-04 20:58 . 2007-12-04 20:58 d-------- C:\ProgramData\Razer
    2007-12-04 20:58 . 2005-12-21 11:23 14,592 --a------ C:\Windows\System32\drivers\Usbicp.sys
    2007-12-04 20:57 . 2007-08-08 11:04 12,032 --a------ C:\Windows\System32\drivers\Lachesis.sys
    2007-12-04 11:25 . 2007-12-10 22:13 d-------- C:\Program Files\AIMP2
    2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
    2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\Windows\System32\divx_xx07.dll
    2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\Windows\System32\divx_xx11.dll
    2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\Windows\System32\DivX.dll
    2007-12-04 01:33 . 2007-12-04 01:33 630,784 --a------ C:\Windows\System32\divxdec.ax
    2007-12-03 18:43 . 2007-12-03 18:43 d-------- C:\Users\JRW\AppData\Roaming\Aquarius Soft
    2007-12-03 18:43 . 2007-12-03 18:43 d-------- C:\ProgramData\Aquarius Soft
    2007-12-02 15:34 . 2007-12-03 12:42 d-------- C:\ProgramData\Kontiki
    2007-12-02 15:33 . 2007-12-02 15:33 d-------- C:\ProgramData\Channel4
    2007-12-02 00:13 . 2007-12-04 11:35 d-------- C:\Users\JRW\AppData\Roaming\Tunebite
    2007-12-02 00:13 . 2007-12-02 00:17 d-------- C:\ProgramData\RapidSolution
    2007-12-02 00:13 . 2007-11-16 10:30 26,912 --a------ C:\Windows\System32\drivers\tbhsd.sys
    2007-12-01 09:03 . 2007-12-01 09:03 d-------- C:\Program Files\Windows Live Toolbar
    2007-12-01 09:03 . 2007-12-01 09:03 d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 19:26 . 2007-11-30 19:26 d-------- C:\Program Files\QuickTime Alternative
    2007-11-30 19:26 . 2007-10-19 20:16 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2007-11-30 19:26 . 2007-10-19 20:16 49,152 --a------ C:\Windows\System32\QuickTime.qts
    2007-11-30 17:13 . 2007-12-11 22:58 d-------- C:\Users\JRW\AppData\Roaming\Orbit
    2007-11-29 22:30 . 2007-11-29 22:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
    2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\Windows\System32\libdivx.dll
    2007-11-29 22:30 . 2007-11-29 22:30 524,288 --a------ C:\Windows\System32\DivXsm.exe
    2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\Windows\System32\ssldivx.dll
    2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\Windows\System32\divxsm.tlb
    2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\Windows\System32\dtu100.dll
    2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\Windows\System32\dpl100.dll
    2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dtu100.dll.manifest
    2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\Windows\System32\dpl100.dll.manifest
    2007-11-29 14:13 . 2007-12-07 17:37 82,061 --a------ C:\Windows\System32\drivers\klick.dat
    2007-11-29 14:13 . 2007-12-07 17:37 81,549 --a------ C:\Windows\System32\drivers\klin.dat
    2007-11-29 14:12 . 2007-11-29 14:12 d-------- C:\Program Files\Kaspersky Lab
    2007-11-29 14:12 . 2007-12-12 14:00 14,669,344 --ahs---- C:\Windows\System32\drivers\fidbox.dat
    2007-11-29 14:12 . 2007-12-12 09:53 196,832 --ahs---- C:\Windows\System32\drivers\fidbox.idx
    2007-11-29 12:57 . 2007-12-12 09:56 d-------- C:\ProgramData\Kaspersky Lab
    2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\Windows\System32\dpuGUI11.dll
    2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\Windows\System32\dpus11.dll
    2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu11.dll
    2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\Windows\System32\dpu10.dll
    2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\Windows\System32\dpv11.dll
    2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\Windows\System32\dpuGUI10.dll
    2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
    2007-11-27 16:49 . 2007-11-27 16:49 d-------- C:\Users\JRW\AppData\Roaming\CyberLink
    2007-11-27 16:49 . 2007-11-27 16:49 d-------- C:\ProgramData\CyberLink
    2007-11-27 16:48 . 2001-03-08 18:30 24,064 --------- C:\Windows\System32\msxml3a.dll
    2007-11-27 16:47 . 2007-11-27 16:48 d-------- C:\Program Files\CyberLink
    2007-11-27 08:45 . 2007-11-27 08:45 d-------- C:\Program Files\StAPH
    2007-11-26 16:56 . 2007-12-06 14:13 d-------- C:\Program Files\C-Force
    2007-11-26 16:56 . 2007-12-06 14:13 249,856 --------- C:\Windows\Setup1.exe
    2007-11-26 16:56 . 2007-12-06 14:13 73,216 --a------ C:\Windows\ST6UNST.EXE
    2007-11-24 23:15 . 2007-11-24 23:15 d-------- C:\Users\JRW\AppData\Roaming\River Past G5
    2007-11-24 23:15 . 2007-11-24 23:24 d-------- C:\ProgramData\River Past G5
    2007-11-24 23:15 . 2007-11-24 23:15 d-------- C:\Program Files\River Past
    2007-11-24 23:15 . 2007-11-24 23:15 d-------- C:\Program Files\Common Files\River Past
    2007-11-24 23:15 . 2007-11-24 23:15 164,738 --a------ C:\Windows\Video Cleaner Pro Uninstaller.exe
    2007-11-24 22:15 . 2007-11-24 22:16 d--h----- C:\Windows\msdownld.tmp
    2007-11-24 09:07 . 2007-12-03 12:19 d-------- C:\Program Files\WMR11
    2007-11-23 22:52 . 2007-11-30 19:26 d-------- C:\ProgramData\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-12 13:56 --------- d-----w C:\Users\JRW\AppData\Roaming\uTorrent
    2007-12-12 11:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-12-12 09:50 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-12 09:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-12 09:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-12 09:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-11 22:16 --------- d-----w C:\Users\JRW\AppData\Roaming\Vso
    2007-12-11 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-10 17:42 --------- d-----w C:\Users\JRW\AppData\Roaming\XnView
    2007-12-09 18:53 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2007-12-09 18:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-08 14:00 --------- d-----w C:\Program Files\DivX
    2007-12-04 20:21 --------- d-----w C:\Program Files\Atari
    2007-12-04 20:19 --------- d-----w C:\Users\JRW\AppData\Roaming\Atari
    2007-12-04 11:16 --------- d-----w C:\Program Files\Winamp
    2007-12-01 22:15 --------- d-----w C:\Users\JRW\AppData\Roaming\dvdcss
    2007-11-29 12:55 --------- d-----w C:\Users\JRW\AppData\Roaming\Comodo
    2007-11-27 16:47 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-11-18 07:35 --------- d-----w C:\ProgramData\NVIDIA
    2007-11-13 23:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-13 23:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-13 23:39 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-13 23:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-13 23:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-13 23:39 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-13 23:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-13 23:39 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-11-13 23:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-13 23:39 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-13 23:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-13 23:37 --------- d-----w C:\Program Files\Windows Mail
    2007-11-12 06:51 86,016 ----a-w C:\Windows\System32\nvsvc.dll
    2007-11-12 06:51 81,920 ----a-w C:\Windows\System32\nvmctray.dll
    2007-11-12 06:51 8,236,640 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
    2007-11-12 06:51 795,104 ----a-w C:\Windows\System32\dpinst.exe
    2007-11-12 06:51 757,760 ----a-w C:\Windows\System32\nvcplui.exe
    2007-11-12 06:51 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
    2007-11-12 06:51 6,537,216 ----a-w C:\Windows\System32\nvdisps.dll
    2007-11-12 06:51 5,611,520 ----a-w C:\Windows\System32\nvdispsr.dll
    2007-11-12 06:51 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
    2007-11-12 06:51 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
    2007-11-12 06:51 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
    2007-11-12 06:51 385,024 ----a-w C:\Windows\System32\nvapi.dll
    2007-11-12 06:51 356,352 ----a-w C:\Windows\System32\nvudisp.exe
    2007-11-12 06:51 35,328 ----a-w C:\Windows\System32\nvcod100.dll
    2007-11-12 06:51 35,328 ----a-w C:\Windows\System32\nvcod.dll
    2007-11-12 06:51 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
    2007-11-12 06:51 3,715,072 ----a-w C:\Windows\System32\nvvitvsr.dll
    2007-11-12 06:51 3,698,688 ----a-w C:\Windows\System32\nvvitvs.dll
    2007-11-12 06:51 3,407,872 ----a-w C:\Windows\System32\nvgames.dll
    2007-11-12 06:51 3,330,048 ----a-w C:\Windows\System32\nvgamesr.dll
    2007-11-12 06:51 229,376 ----a-w C:\Windows\System32\nvmccs.dll
    2007-11-12 06:51 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
    2007-11-12 06:51 2,519,040 ----a-w C:\Windows\System32\nvwssr.dll
    2007-11-12 06:51 2,486,272 ----a-w C:\Windows\System32\nvwss.dll
    2007-11-12 06:51 188,416 ----a-w C:\Windows\System32\nvmccss.dll
    2007-11-12 06:51 147,456 ----a-w C:\Windows\System32\nvcolor.exe
    2007-11-12 06:51 1,829,376 ----a-w C:\Windows\System32\nvwgf2um.dll
    2007-11-12 06:51 1,212,416 ----a-w C:\Windows\System32\nvmobls.dll
    2007-11-12 06:51 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
    2007-11-10 20:10 --------- d-----w C:\Program Files\Steam
    2007-11-10 20:09 --------- d-----w C:\Program Files\Common Files\Steam
    2007-11-09 17:41 --------- d-----w C:\ProgramData\ESET
    2007-11-09 17:30 --------- d-----w C:\Users\JRW\AppData\Roaming\vlc
    2007-11-09 17:28 --------- d-----w C:\Program Files\VideoLAN
    2007-11-09 05:24 --------- d-----w C:\Users\JRW\AppData\Roaming\Nero
    2007-11-08 17:55 --------- d-----w C:\Program Files\AC3Filter
    2007-11-07 17:42 --------- d-----w C:\Program Files\CCleaner
    2007-11-06 17:01 --------- d-----w C:\ProgramData\Creative
    2007-11-06 09:24 --------- d-----w C:\Program Files\Creative
    2007-11-06 09:23 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
    2007-11-06 09:23 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
    2007-11-06 08:37 227,592 ----a-w C:\Windows\System32\PDBoot.exe
    2007-11-05 20:18 --------- d-----w C:\Program Files\DriverCleanerDotNET
    2007-11-05 15:00 --------- d-----w C:\Users\JRW\AppData\Roaming\ImgBurn
    2007-11-05 12:18 --------- d-----w C:\Users\Guest\AppData\Roaming\Comodo
    2007-11-02 02:03 --------- d-----w C:\Program Files\RivaTuner v2.06
    2007-10-31 11:56 46,592 ----a-w C:\Windows\system32\drivers\l160x86.sys
    2007-10-30 18:19 --------- d-----w C:\Users\JRW\AppData\Roaming\Corel
    2007-10-30 17:33 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-10-29 23:18 --------- d-----w C:\Program Files\ASUS
    2007-10-29 23:03 34,308 ----a-w C:\Windows\System32\Chip.dll
    2007-10-29 19:10 --------- d-----w C:\Users\JRW\AppData\Roaming\Creative
    2007-10-29 15:07 --------- d-----w C:\Program Files\The Witcher
    2007-10-29 15:04 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
    2007-10-29 15:04 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
    2007-10-29 10:13 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
    2007-10-27 10:59 --------- d---a-w C:\ProgramData\TEMP
    2007-10-27 01:30 621,056 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-10-27 01:30 36,864 ----a-w C:\Windows\System32\cdd.dll
    2007-10-25 23:34 189,464 ----a-w C:\Windows\system32\drivers\HAP17V2K.SYS
    2007-10-25 23:34 162,840 ----a-w C:\Windows\system32\drivers\HAP16V2K.SYS
    2007-10-25 23:34 15,896 ----a-w C:\Windows\system32\drivers\PFMODNT.SYS
    2007-10-25 23:33 92,696 ----a-w C:\Windows\system32\drivers\EMUPIA2K.SYS
    2007-10-25 23:33 797,720 ----a-w C:\Windows\system32\drivers\HA10KX2K.SYS
    2007-10-25 23:33 521,496 ----a-w C:\Windows\system32\drivers\CTAUD2K.SYS
    2007-10-25 23:33 511,000 ----a-w C:\Windows\system32\drivers\CTAC32K.SYS
    2007-10-25 23:33 346,856 ----a-w C:\Windows\system32\drivers\CTDVDA2K.SYS
    2007-10-25 23:33 18,840 ----a-w C:\Windows\system32\drivers\CTGAME.SYS
    2007-10-25 23:33 157,208 ----a-w C:\Windows\system32\drivers\CTSFM2K.SYS
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-12_ 2.06.39.58 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-02 16:47:35 248,632 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2007-12-12 09:46:43 251,272 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    - 2007-10-02 16:47:35 781,104 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2007-12-12 09:46:37 783,744 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    - 2007-12-12 01:55:37 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2007-12-12 09:54:48 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2006-10-27 14:00:10 576,376 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
    + 2006-10-26 20:18:12 162,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
    + 2006-10-27 14:00:12 1,751,904 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
    + 2006-10-27 14:00:10 576,376 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
    + 2006-10-27 14:00:06 47,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
    + 2006-10-27 14:00:08 191,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
    + 2006-10-26 19:13:34 338,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
    + 2006-10-26 19:13:44 629,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
    + 2006-10-26 19:13:28 207,736 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
    + 2006-10-26 19:13:32 279,352 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
    + 2006-10-26 19:13:08 15,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
    + 2006-10-26 19:13:08 15,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
    + 2006-10-26 19:13:08 15,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
    + 2006-10-26 19:13:12 15,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
    + 2006-10-27 14:00:06 387,960 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
    + 2006-10-26 19:13:38 392,048 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
    + 2006-10-26 19:13:30 260,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
    + 2006-10-26 19:13:32 289,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
    + 2006-10-26 19:13:20 56,120 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
    + 2006-10-26 19:13:38 551,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
    + 2006-10-26 19:13:30 224,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
    + 2006-10-27 14:40:34 208,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
    + 2006-10-26 19:13:34 371,568 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
    + 2006-10-27 14:41:04 399,640 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
    + 2006-10-26 18:59:24 205,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
    + 2006-10-26 20:30:42 65,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
    + 2006-10-27 14:16:36 133,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
    + 2006-10-26 19:12:52 189,760 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
    + 2006-10-26 19:55:32 87,344 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
    + 2006-10-26 13:10:08 1,190,688 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
    + 2006-10-26 18:21:24 1,682,232 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
    + 2006-10-27 14:09:36 983,376 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
    + 2006-10-26 19:02:12 2,526,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
    + 2006-10-26 19:12:52 173,328 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
    + 2006-10-27 14:10:10 5,281,592 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
    + 2006-10-26 18:55:10 828,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
    + 2006-10-26 19:55:48 340,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
    + 2006-10-27 14:04:08 497,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
    + 2006-10-27 14:01:34 10,371,880 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
    + 2006-10-26 20:18:06 66,880 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
    + 2006-10-26 12:58:14 117,552 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
    + 2006-10-27 13:59:06 161,080 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
    + 2006-10-26 18:48:12 14,664 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
    + 2006-10-26 19:12:58 428,816 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
    + 2006-10-26 20:13:36 26,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
    + 2006-10-26 19:00:08 6,635,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
    + 2006-10-26 12:56:36 436,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
    + 2006-10-26 18:50:04 672,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
    + 2006-10-26 12:56:40 505,136 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
    + 2006-10-26 18:55:12 832,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
    + 2006-10-26 18:55:06 538,904 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
    + 2006-10-26 19:12:30 65,824 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
    + 2006-10-27 14:14:34 14,151,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-26 19:06:54 232,816 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
    + 2006-10-26 19:14:06 7,033,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
    + 2006-10-27 14:18:36 1,658,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
    + 2006-10-26 19:00:08 274,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
    + 2006-10-26 19:00:12 998,208 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
    + 2006-10-26 19:00:10 285,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
    + 2006-10-26 19:34:12 660,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
    + 2006-10-26 19:34:10 192,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
    + 2006-10-26 19:07:04 6,536,992 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
    + 2006-07-26 17:53:56 459,080 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
    + 2006-10-27 14:16:44 594,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
    + 2006-10-27 14:16:40 176,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
    + 2006-10-26 20:30:44 482,088 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
    + 2006-10-27 14:04:06 465,200 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
    + 2006-10-27 14:04:06 7,980,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
    + 2007-10-02 16:47:35 248,632 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
    + 2006-10-26 18:52:10 2,012,480 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
    + 2006-10-26 19:09:36 136,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
    + 2006-10-26 19:55:54 413,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
    + 2006-10-27 14:04:06 624,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
    + 2006-10-26 20:13:38 38,168 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
    + 2006-10-26 19:13:00 503,624 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
    + 2006-10-26 19:06:58 439,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
    + 2006-10-26 20:18:16 502,608 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
    + 2006-07-28 14:21:58 277,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
    + 2006-10-27 13:57:08 2,330,968 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
    + 2006-09-29 23:42:56 2,583,344 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
    + 2006-10-26 22:00:12 1,841,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
    + 2006-10-26 21:58:38 3,732,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
    + 2006-10-27 14:23:04 347,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
    + 2007-10-02 16:47:35 781,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
    + 2006-10-26 20:17:08 11,072 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
    - 2007-11-13 23:37:47 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2007-12-12 09:50:40 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2007-11-13 23:37:47 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2007-12-12 09:50:41 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2007-11-13 23:37:47 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2007-12-12 09:50:40 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2007-11-13 23:37:47 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2007-12-12 09:50:40 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2007-11-13 23:37:47 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2007-12-12 09:50:40 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2007-11-13 23:37:47 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2007-12-12 09:50:41 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2007-11-13 23:37:48 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2007-12-12 09:50:41 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2007-11-13 23:37:47 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2007-12-12 09:50:40 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2007-11-13 23:37:47 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2007-12-12 09:50:40 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2007-11-13 23:37:47 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2007-12-12 09:50:40 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2007-11-13 23:37:48 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2007-12-12 09:50:41 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2007-11-13 23:37:47 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2007-12-12 09:50:40 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2007-10-02 16:45:52 217,864 ----a-r C:\Windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2007-12-12 09:48:36 217,864 ----a-r C:\Windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2007-11-13 23:38:36 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2007-12-12 09:44:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2007-12-12 01:57:09 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-12-12 09:55:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2007-12-12 09:55:26 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2007-11-13 23:38:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    + 2007-12-12 09:45:13 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
    - 2007-12-12 02:06:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-12-12 13:59:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2007-12-12 13:59:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2007-10-02 00:37:50 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
    + 2007-12-12 09:38:58 18,944 ----a-w C:\Windows\servicing\GC32\tzupd.exe
    - 2007-10-10 01:55:16 124,928 ----a-w C:\Windows\System32\advpack.dll
    + 2007-12-12 09:49:16 124,928 ----a-w C:\Windows\System32\advpack.dll
    - 2007-12-12 02:01:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2007-12-12 13:46:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-12-12 02:01:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2007-12-12 13:46:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-12-12 02:01:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-12-12 13:46:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-10-10 01:55:13 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
    + 2007-12-12 09:49:12 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
    - 2007-10-10 01:55:13 214,528 ----a-w C:\Windows\System32\dxtrans.dll
    + 2007-12-12 09:49:12 214,528 ----a-w C:\Windows\System32\dxtrans.dll
    - 2006-10-26 13:10:08 1,190,688 ----a-w C:\Windows\System32\FM20.DLL
    + 2007-08-23 01:03:38 1,195,888 ----a-w C:\Windows\System32\FM20.DLL
    - 2007-10-10 01:55:14 63,488 ----a-w C:\Windows\System32\icardie.dll
    + 2007-12-12 09:49:11 63,488 ----a-w C:\Windows\System32\icardie.dll
    - 2007-10-10 01:55:16 63,488 ----a-w C:\Windows\System32\ie4uinit.exe
    + 2007-12-12 09:49:08 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
    - 2007-10-10 01:55:12 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
    + 2007-12-12 09:49:13 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
    - 2007-10-10 01:55:17 6,058,496 ----a-w C:\Windows\System32\ieframe.dll
    + 2007-12-12 09:49:20 6,065,664 ----a-w C:\Windows\System32\ieframe.dll
    - 2007-10-10 01:55:16 44,544 ----a-w C:\Windows\System32\iernonce.dll
    + 2007-12-12 09:49:08 44,544 ----a-w C:\Windows\System32\iernonce.dll
    - 2007-10-10 01:55:17 180,736 ----a-w C:\Windows\System32\ieui.dll
    + 2007-12-12 09:49:20 180,736 ----a-w C:\Windows\System32\ieui.dll
    - 2007-10-10 01:55:17 27,648 ----a-w C:\Windows\System32\jsproxy.dll
    + 2007-12-12 09:49:15 27,648 ----a-w C:\Windows\System32\jsproxy.dll
    - 2007-10-10 01:55:17 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    + 2007-12-12 09:49:16 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
    - 2007-11-02 07:12:57 18,238,072 ----a-w C:\Windows\System32\mrt.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\Windows\System32\mrt.exe
    - 2007-10-10 01:55:19 3,584,512 ----a-w C:\Windows\System32\mshtml.dll
    + 2007-12-12 09:49:18 3,590,656 ----a-w C:\Windows\System32\mshtml.dll
    - 2007-10-10 01:55:18 477,696 ----a-w C:\Windows\System32\mshtmled.dll
    + 2007-12-12 09:49:18 478,208 ----a-w C:\Windows\System32\mshtmled.dll
    - 2007-10-10 01:55:13 671,232 ----a-w C:\Windows\System32\mstime.dll
    + 2007-12-12 09:49:11 671,232 ----a-w C:\Windows\System32\mstime.dll
    - 2007-12-12 02:01:59 108,966 ----a-w C:\Windows\System32\perfc009.dat
    + 2007-12-12 10:01:05 108,966 ----a-w C:\Windows\System32\perfc009.dat
    - 2007-12-12 02:01:59 625,810 ----a-w C:\Windows\System32\perfh009.dat
    + 2007-12-12 10:01:05 625,810 ----a-w C:\Windows\System32\perfh009.dat
    - 2007-11-14 04:27:58 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    + 2007-12-12 09:55:37 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    - 2007-10-10 01:55:17 1,152,000 ----a-w C:\Windows\System32\urlmon.dll
    + 2007-12-12 09:49:15 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
    - 2007-12-12 01:57:26 11,786 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3967682011-2437462984-1368322664-1000_UserData.bin
    + 2007-12-12 09:57:28 11,802 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3967682011-2437462984-1368322664-1000_UserData.bin
    - 2007-12-12 01:57:26 81,326 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-12-12 09:57:27 81,710 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2007-12-12 01:57:24 45,622 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-12-12 09:57:25 45,750 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2007-10-10 01:55:17 824,832 ----a-w C:\Windows\System32\wininet.dll
    + 2007-12-12 09:49:15 824,832 ----a-w C:\Windows\System32\wininet.dll
    + 2007-12-12 09:49:16 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16575_none_a99e76ebf5de4222\advpack.dll
    + 2007-12-12 09:49:16 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20697_none_aa1474730f0a4c7c\advpack.dll
    + 2007-12-12 09:50:20 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16587_none_a43a79faf0fa2e5d\quartz.dll
    + 2007-12-12 09:50:20 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.20710_none_a508c61a09e55656\quartz.dll
    + 2007-12-12 09:49:15 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16575_none_b2b6294dd9d79f85\urlmon.dll
    + 2007-12-12 09:49:14 1,162,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20697_none_b32c26d4f303a9df\urlmon.dll
    + 2007-12-12 09:49:11 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16575_none_de98b8167f805ef4\mstime.dll
    + 2007-12-12 09:49:11 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20697_none_df0eb59d98ac694e\mstime.dll
    + 2007-12-12 09:38:58 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzupd.exe
    + 2007-12-12 09:38:57 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzupd.exe
    + 2007-12-12 09:49:15 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16575_none_ffbc04efa4e0c618\jsproxy.dll
    + 2007-12-12 09:49:15 824,832 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16575_none_ffbc04efa4e0c618\wininet.dll
    + 2007-12-12 09:49:16 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16575_none_ffbc04efa4e0c618\WininetPlugin.dll
    + 2007-12-12 09:49:15 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20697_none_00320276be0cd072\jsproxy.dll
    + 2007-12-12 09:49:15 825,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20697_none_00320276be0cd072\wininet.dll
    + 2007-12-12 09:49:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20697_none_00320276be0cd072\WininetPlugin.dll
    + 2007-12-12 09:49:13 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16575_none_f96527c96ecc406b\ieapfltr.dat
    + 2007-12-12 09:49:13 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16575_none_f96527c96ecc406b\ieapfltr.dll
    + 2007-12-12 09:49:12 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20697_none_f9db255087f84ac5\ieapfltr.dat
    + 2007-12-12 09:49:12 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20697_none_f9db255087f84ac5\ieapfltr.dll
    + 2007-12-12 09:49:12 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16575_none_9599608184b1c699\dxtmsft.dll
    + 2007-12-12 09:49:12 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16575_none_9599608184b1c699\dxtrans.dll
    + 2007-12-12 09:49:11 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20697_none_960f5e089dddd0f3\dxtmsft.dll
    + 2007-12-12 09:49:11 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20697_none_960f5e089dddd0f3\dxtrans.dll
    + 2007-12-12 09:49:18 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16575_none_45fbfad946727926\mshtmled.dll
    + 2007-12-12 09:49:18 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20697_none_4671f8605f9e8380\mshtmled.dll
    + 2007-12-12 09:49:18 3,590,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16587_none_110d54b6253d7ded\mshtml.dll
    + 2007-12-12 09:49:17 3,593,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20710_none_11dba0d53e28a5e6\mshtml.dll
    + 2007-12-12 09:49:11 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16575_none_586e90d8674bbb57\icardie.dll
    + 2007-12-12 09:49:11 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20697_none_58e48e5f8077c5b1\icardie.dll
    + 2007-12-12 09:49:09 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\ieUnatt.exe
    + 2007-12-12 09:49:09 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\iexplore.exe
    + 2007-12-12 09:49:08 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\ieUnatt.exe
    + 2007-12-12 09:49:09 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\iexplore.exe
    + 2007-12-12 09:49:08 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16575_none_c3a3c6966186fda0\ie4uinit.exe
    + 2007-12-12 09:49:08 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16575_none_c3a3c6966186fda0\iernonce.dll
    + 2007-12-12 09:49:08 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16575_none_c3a3c6966186fda0\iesetup.dll
    + 2007-12-12 09:49:08 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20697_none_c419c41d7ab307fa\ie4uinit.exe
    + 2007-12-12 09:49:08 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20697_none_c419c41d7ab307fa\iernonce.dll
    + 2007-12-12 09:49:08 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20697_none_c419c41d7ab307fa\iesetup.dll
    + 2007-12-12 09:49:12 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16575_none_29c8dd066836d2fd\iebrshim.dll
    + 2007-12-12 09:49:12 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20697_none_2a3eda8d8162dd57\iebrshim.dll
    + 2007-12-12 09:49:20 6,065,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16575_none_62757e11b12cbd7b\ieframe.dll
    + 2007-12-12 09:49:20 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16575_none_62757e11b12cbd7b\ieui.dll
    + 2007-12-12 09:49:18 6,067,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20697_none_62eb7b98ca58c7d5\ieframe.dll
    + 2007-12-12 09:49:19 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20697_none_62eb7b98ca58c7d5\ieui.dll
    + 2007-12-12 09:49:10 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16575_none_e66eea9094b011b3\ieinstal.exe
    + 2007-12-12 09:49:10 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20697_none_e6e4e817addc1c0d\ieinstal.exe
    + 2007-12-12 09:49:07 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16575_none_0b171facd72ad165\ieuser.exe
    + 2007-12-12 09:49:07 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20697_none_0b8d1d33f056dbbf\ieuser.exe
    + 2007-12-12 09:50:08 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\LAPRXY.DLL
    + 2007-12-12 09:50:08 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\WMASF.DLL
    + 2007-12-12 09:50:08 9,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\LAPRXY.DLL
    + 2007-12-12 09:50:08 223,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\WMASF.DLL
    + 2007-12-12 09:44:24 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16601_none_f0a2dbc86e52db8d\OESpamFilter.dat
    + 2007-12-12 09:44:24 2,414,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20726_none_f11bda2d877c31ec\OESpamFilter.dat
    + 2007-12-12 09:39:19 3,504,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntkrnlpa.exe
    + 2007-12-12 09:39:19 3,470,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntoskrnl.exe
    + 2007-12-12 09:39:18 3,505,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntkrnlpa.exe
    + 2007-12-12 09:39:18 3,472,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntoskrnl.exe
    + 2007-12-12 09:45:21 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16586_none_88a4376b8cdaca70\mrxsmb20.sys
    + 2007-12-12 09:45:21 58,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.20709_none_8987565aa5b4d3de\mrxsmb20.sys
    + 2007-12-12 09:45:21 101,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16586_none_7d5aaf055432589d\mrxsmb.sys
    + 2007-12-12 09:45:21 102,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.20709_none_7e3dcdf46d0c620b\mrxsmb.sys
    + 2007-12-12 09:45:21 84,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.16586_none_019f7004133c0031\srvnet.sys
    + 2007-12-12 09:45:21 84,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.20709_none_02828ef32c16099f\srvnet.sys
    + 2007-12-12 09:45:21 130,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.16586_none_d7b5db3ef9909d40\srv2.sys
    + 2007-12-12 09:45:20 130,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.20709_none_d898fa2e126aa6ae\srv2.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:35]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-15 07:19]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-12-11 12:55]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\Windows\KHALMNPR.Exe]
    "RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05]
    "CTHelper"="CTHELPER.EXE" [2007-10-25 21:56 C:\Windows\System32\CTHELPER.EXE]
    "NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
    "NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-02 00:38]
    "Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [2007-09-12 11:52]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-12 10:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    R0 timounter;Acronis True Image Backup Archive Explorer;C:\Windows\system32\DRIVERS\timntr.sys
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys
    R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\Windows\system32\drivers\sp_rsdrv2.sys
    R2 dkcrcs;dkcrcs;C:\Windows\system32\svchost.exe -k dkcrcs
    R2 tifsfilter;Acronis True Image FS Filter;C:\Windows\system32\DRIVERS\tifsfilt.sys
    R2 ykcrcscs;ykcrcscs;\??\C:\Windows\system32\drivers\dkcrcs.sys
    R2 ysiraeog;ysiraeog;\??\C:\Windows\system32\drivers\zsirae.sys
    R2 zsirae;zsirae;C:\Windows\system32\svchost.exe -k zsirae
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys
    R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys
    R3 LachesisFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys
    R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
    R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
    S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe"
    S3 Maplom;Maplom;C:\Windows\system32\drivers\Maplom.sys
    S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
    S3 tbhsd;Tunebite High-Speed Dubbing;C:\Windows\system32\drivers\tbhsd.sys
    S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs REG_MULTI_SZ BthServ
    zsirae REG_MULTI_SZ zsirae
    dkcrcs REG_MULTI_SZ dkcrcs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13cb85f5-707d-11dc-9bf5-806e6f6e6963}]
    \shell\AutoRun\command - D:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51081c65-70bc-11dc-9af5-806e6f6e6963}]
    \shell\AutoRun\command - D:\.\Bin\Assetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79fb152c-9b5a-11dc-bb15-806e6f6e6963}]
    \shell\AutoRun\command - F:\AutoRunCD.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6b1af41-70b2-11dc-8b03-001d600d98f3}]
    \shell\AutoRun\command - F:\setupSNK.exe

    *Newly Created Service* - SP_RSDRV2
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-12 14:00:31 C:\Windows\Tasks\User_Feed_Synchronization-{D82754E3-AFAD-44C8-B868-36802F297BFD}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 13:59:56
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-12 14:01:32
    C:\ComboFix2.txt ... 2007-12-12 02:07
    .
    2007-12-12 09:50:48 --- E O F ---

  6. #6
    Member
    Join Date
    Dec 2007
    Posts
    5
    Points
    0

    Latest Hijackthis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:27:46, on 12/12/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RivaTuner v2.06\RivaTuner.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Razer\Lachesis\razerhid.exe
    C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Razer\Lachesis\OSD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Razer\Lachesis\razertra.exe
    C:\Program Files\Razer\Lachesis\razerofa.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 9328 bytes

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    HI

    Those logs are clean as well ...

    Delete this file (if still there) C:\Program Files\Internet Explorer\6128.EXE

    What other files are in the \Internet Explorer\ folder ?

    I don't want to know what folders are in there, or what are in the folders ... just files ?

    RE:

    C:\Windows\Temp\6128.exe
    and 4152.exe
    IP.exe

    CCleaner will delete these files from your temp folder & other temp files as well ...

    Please Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    Double-click the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member
    Join Date
    Dec 2007
    Posts
    5
    Points
    0

    Thanks Steam.
    In my IE folder the files are:

    hmmapi.dll
    iedw.exe
    ieinstal.exe
    iessetup.ceb
    ieuser.exe
    iexplore.exe
    MSWINSCK.OCX
    sqmapi.dll

    I've now got SuperAntiSpyware (free), Kaspersky Internet Security, RoboForm, CCleaner, Spyware Terminator with all the protection except antivirus enabled.

    Anything else you recommend using? I did try SafeSpace and DefenseWall HIPS but they were complicated!

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    HI

    Those files are OK ...

    Vista is more secure than XP to start with, but it's still early days ... you can take a look at the link in my signature for ways to keep your computer secure ... but bear in mind this was written for XP, I believe that most (if not all) the programs listed are now compatible with Vista ... but any you decide to install will tell you in their documentation ... I also assume you are running the Vista firewall, several FREE third party 2-way firewalls are now available for Vista, but they do not install without problems on all Vista machines ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -